NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
jetcosys
Jan 18, 2017Tutor
Cannot connect VPN with L2TP
Hi all! I've followed all the instructions I can find to setup L2TP VPN to connect to the FVS318Gv2 VPN from remote Windows 10 clients, but cannot seem to get it to work. I followed the instruction...
- Jan 24, 2017
Thanks! Yes, changing to "Main" did allow VPN to connect. Although I can't see the network resources, so something is messed up with my IP routing somewhere. :(
-Joe
train_wreck
Jan 22, 2017Luminary
Set "Exchange Mode" to "Main" in your IKE policy. Also, you didn't post a screenshot of the "L2TP Server" page, I'm guessing it's been properly configured as well?
jetcosys
Jan 24, 2017Tutor
Thanks! Yes, changing to "Main" did allow VPN to connect. Although I can't see the network resources, so something is messed up with my IP routing somewhere. :(
-Joe
- train_wreckJan 24, 2017Luminary
What do you mean when you say you can't "see" network resources? Can you ping them?
- jetcosysJan 25, 2017Tutor
Spoke too soon. VPN connects then disconnects shortly thereafter. While connected I can't ping any resources on the network where VPN is connected. I do get assigned one of the IP addresses in the pool for L2TP, but not sure how this translates to an IP address on the internal network I need to access shares on.
Here is the log from the disconnect:
Tue Jan 24 20:24:39 2017 (GMT -0800): [FVS318Gv2] [IKE] ERROR: No policy found: 10.10.10.0/24[0] 192.168.69.1/32[0] proto=any dir=out
Tue Jan 24 20:24:39 2017 (GMT -0800): [FVS318Gv2] [IKE] ERROR: No policy found: 192.168.69.1/32[0] 10.10.10.0/24[0] proto=any dir=in
Tue Jan 24 20:24:39 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: 192.168.69.1 IP address has been released by remote peer.
Tue Jan 24 20:24:39 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: KA remove: 96.x.x.x[4500]->108.x.x.x[4500]
Tue Jan 24 20:24:39 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: ISAKMP-SA deleted for 96.x.x.x[4500]-108.x.x.x[4500] with spi:1c839229c40a79aa:0075e3770bb1bb68
Tue Jan 24 20:24:38 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: Ignoring request for negotiation to 108.x.x.x as Local is configured as Responder.
Tue Jan 24 20:24:38 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: Anonymous configuration selected for 108.x.x.x.
Tue Jan 24 20:24:38 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: Anonymous configuration selected for 108.x.x.x.
Tue Jan 24 20:24:38 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: Using IPsec SA configuration: anonymous
Tue Jan 24 20:24:38 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: Purged ISAKMP-SA with proto_id=ISAKMP and spi=1c839229c40a79aa:0075e3770bb1bb68.
Tue Jan 24 20:24:38 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: [IPSEC_VPN] Purged IPsec-SA with proto_id=ESP and spi=2321133354(0x8a59af2a).
Tue Jan 24 20:24:38 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: an undead schedule has been deleted: 'pk_recvupdate'.
Tue Jan 24 20:24:38 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: Deleting generated policy for 108.x.x.x[0]
Tue Jan 24 20:19:35 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: IPsec-SA established[UDP encap 4500->4500]: ESP/Transport 96.x.x.x->108.x.x.x with spi=2321133354(0x8a59af2a)
Tue Jan 24 20:19:35 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: IPsec-SA established[UDP encap 4500->4500]: ESP/Transport 108.x.x.x->96.x.x.x with spi=213507967(0xcb9df7f)
Tue Jan 24 20:19:35 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: Adjusting peer's encmode 4(4)->Transport(2)
Tue Jan 24 20:19:35 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: No policy found, adjusting source address for generating the policy incase of NAT-T in Transport Mode: 108.x.x.x/32[1701] 96.x.x.x/32[1701] proto=udp dir=in
Tue Jan 24 20:19:35 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: No policy found, generating the policy : 192.168.1.10/32[1701] 96.x.x.x/32[1701] proto=udp dir=in
Tue Jan 24 20:19:35 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: Using IPsec SA configuration: anonymous
Tue Jan 24 20:19:35 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: Responding to new phase 2 negotiation: 96.x.x.x[0]<=>108.x.x.x[0]
Tue Jan 24 20:19:35 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: Sending Informational Exchange: notify payload[608]
Tue Jan 24 20:19:35 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: ISAKMP-SA established for 96.x.x.x[4500]-108.x.x.x[4500] with spi:1c839229c40a79aa:0075e3770bb1bb68
Tue Jan 24 20:19:35 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: 192.168.69.1 IP address is assigned to remote peer 108.x.x.x[4500]
Tue Jan 24 20:19:34 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: KA list add: 96.x.x.x[4500]->108.x.x.x[4500]
Tue Jan 24 20:19:34 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: Floating ports for NAT-T with peer 108.x.x.x[4500]
Tue Jan 24 20:19:34 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: NAT detected: PEER
Tue Jan 24 20:19:34 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: NAT-D payload does not match for 108.x.x.x[500]
Tue Jan 24 20:19:34 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: NAT-D payload matches for 96.x.x.x[500]
Tue Jan 24 20:19:34 2017 (GMT -0800): [FVS318Gv2] [IKE] ERROR: invalid DH group 19.
Tue Jan 24 20:19:34 2017 (GMT -0800): [FVS318Gv2] [IKE] ERROR: invalid DH group 20.
Tue Jan 24 20:19:34 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: For 108.x.x.x[500], Selected NAT-T version: RFC 3947
Tue Jan 24 20:19:34 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: Received unknown Vendor ID
Tue Jan 24 20:19:34 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: Received unknown Vendor ID
Tue Jan 24 20:19:34 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: Received unknown Vendor ID
Tue Jan 24 20:19:34 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: Received unknown Vendor IDTue Jan 24 20:19:34 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: Received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
Tue Jan 24 20:19:34 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: Received Vendor ID: RFC 3947
Tue Jan 24 20:19:34 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: Received Vendor ID: MS NT5 ISAKMPOAKLEY
Tue Jan 24 20:19:34 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: Received unknown Vendor ID
Tue Jan 24 20:19:34 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: Beginning Identity Protection mode.
Tue Jan 24 20:19:34 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: Received request for new phase 1 negotiation: 96.x.x.x[500]<=>108.x.x.x[500]
Tue Jan 24 20:19:34 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: Anonymous configuration selected for 108.x.x.x[500].Based on the error it looks like I need a policy between the VPN network (192.168.69.0) to the LAN network (10.10.10.0)??
Sorry, I'm quite the rookie on this. :(
-Joe
- train_wreckJan 25, 2017Luminary
what does "L2TP Server" config page look like?
Related Content
NETGEAR Academy

Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!